[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: Re: kdegraphics/kpdf/kpdf [POSSIBLY UNSAFE]
From: Albert Astals Cid <tsdgeos () terra ! es>
Date: 2004-09-14 17:22:04
Message-ID: 200409141922.04959.tsdgeos () terra ! es
[Download RAW message or body]
A Dimarts 14 Setembre 2004 11:27, vĂ reu escriure:
> On Tuesday 14 September 2004 00:20, Albert Astals Cid wrote:
> > M +240 -70 kpdf_part.cpp 1.78 [POSSIBLY UNSAFE: system]
>
> hmm, no quoting at all done for the parameters?
What is quoting?
> Aren't those supplied by the .pdf itself?
Of course the pdf supplies the program and the parametes it want to run, i get
them and if the user agrees on executing the program with the given
parameters it is executed using system (i could use something else but the
code is copied from xpdf)
> its rather dangerous to do that.
If i am asking the user
Do you want to execute the command:\n%1
I don't find it dangerous at all.
Albert
>
> Dirk
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic